DATA PROTECTION LAW IS COMING TO ASIA




      Professor Abu Bakar Munir
    Faculty of Law, University of Malaya
    Adviser to the Malaysian Government
                 (2007-2010)



    INDONESIA INFORMATION SECURITY FORUM 2011
                14 December 2011
                Bandung, Indonesia
                     #IISF2011                  1
THE WORLD’S GREATEST NEWSPAPER 1843-2011




Concept of Privacy

Definition

Privacy is our right to keep a domain around us,
which includes all those things that are part of us,
such as our body, home, thoughts, feelings,
secrets and identity. The right to privacy gives us
the ability to choose which parts in this domain
can be accessed by others, and to control the
extent, manner and timing of the use of those
parts we choose to disclose.



Types of Privacy




    The right to be left alone
    Bodily privacy
    Privacy of communications
    Territorial privacy
    Informational privacy



Privacy as Human Rights

Article 12 Universal Declaration on Human Rights 1948

    No one shall be subjected to arbitrary interference with his privacy,
    family, home or correspondence, nor to attacks upon his honour and
    reputation. Everyone has the right to the protection of the law against
    such interference or attacks.

Some Other Instruments

• Article 17, International Covenant on Civil and Political Rights 1966
• Article 16, Convention on the Rights of the Child 1989
• Article 8, Convention for the Protection of Human Rights and
  Fundamental Freedoms 1950
• Article 18, OIC Cairo Declaration on Human Rights in Islam 1990
• Article 4.3, Declaration of Principles on Freedom of Expression in Africa
  2002
• Article 5, American Declaration of the Rights and Duties of Man

Informational Privacy

     The rights of an individual to have
     control over his personal information

  Informational Privacy = Personal
  Data Protection




Why do countries protect personal data?


      International obligation
      Competitiveness
      Human right
      International influence




Why Protect Personal Data?
What Customers Say…

• Nearly 90% of online consumers want the right to control
  how their personal information is used after it is collected
                                   (Forrester Research 2003)

• 87% of Americans are concerned about the security of their
  information on the Internet
                                (Zogby International 2010)

• 61% of adult Americans said that they were extremely
  concerned about the privacy of their personal information
  when buying online
                    (University of Southern California 2007)

What Customers Say… (cont.)

• Our research shows that 80% of our customers would
  walk away if we mishandled their information
                                 (Royal Bank of Canada 2003)

• Concerns about the use of personal information led
  64% of respondents to decide not to purchase from a
  company
                                 (Privacy and American 2005)

• 67% of respondents decided not to register at a website
  or shop online because they found the privacy policy to be
  too complicated or unclear
                                 (Privacy and American 2005)

Malaysian Consumers Say…

• 75.3% of respondents say that they were “somehow
  concerned” and “very concerned” with their personal
  privacy even when not online

• 94.2% of respondents felt that their personal privacy
  might be threatened when using the Internet

• 50.8% of non-Internet-banking customers have not
  migrated to the online services mainly due to security,
  trust and privacy concerns

                      (Muniruddeen Lallmahamood 2007/2008)

Therefore…

• Trust and risk are major determinants of purchasing
  and of the intention to purchase
• Trust is difficult to gain but easy to lose
• Consumers are concerned about their privacy
• Consumers are very concerned about privacy
  when transacting online

GOOD PRIVACY, GOOD BUSINESS


“Privacy is good for
business”




Harriet Pearson
IBM Chief Privacy Officer




How?
  Potential Risks
• Breaches of data protection law
• Damage to the organization’s reputation and brand
• Physical, psychological and economic harm to
  customers
• Financial losses associated with deterioration in
  quality and integrity of personal data due to
  customers’ distrust
• Loss of market share or a drop in stock prices
  due to negative publicity / failure or delay in the
  implementation of a new product / service due to
  privacy concerns

Benefits

• More positive organizational image and
  significant edge over the competition
• Business development via expansion into
  jurisdictions requiring clear privacy standards
• Enhanced data quality and integrity
• Fostering better customer service and more
  strategic business decision making
• Enhanced customer trust and loyalty

International Instruments



       OECD Guidelines 1980
       Council of Europe Convention 1981
       European Directive 1995
       APEC Privacy Framework 2004
       Madrid Resolution 2009




OECD Guidelines 1980 (8 Principles)


        Collection limitation
        Data Quality
        Purpose Specification
        Use Limitation
        Security
        Openness
        Individual Participation
        Accountability


Council of Europe Convention 1981

Personal data shall be:

• obtained fairly and lawfully
• stored for specified and legitimate purposes and not
  used in a way incompatible with those purposes
• adequate, relevant and not excessive
• accurate and, where necessary, kept up to date
• preserved in a form which permits identification of the
  data subjects for no longer than is required for the
  purpose for which those data are stored

European Directive 1995

Personal data must be:

• processed fairly and lawfully
• collected for specified, explicit and legitimate purposes
  and not further processed in a way incompatible with
  those purposes
• adequate, relevant and not excessive
• accurate and, where necessary, kept up to date

APEC Privacy Framework 2004 (9 Principles)

          Preventing harm
          Notice
          Collection limitation
          Uses of personal information
          Choice
          Integrity
          Security safeguards
          Access and correction
          Accountability

Madrid Resolution 2009 (6 Principles)




       Lawfulness and fairness
       Purpose specification
       Proportionality
       Data quality
       Openness
       Accountability




Innovative ideas on proactive measures to protect
personal data:

• Procedures to prevent and detect breaches
• Appointment of data protection or privacy officers
• Training, education and awareness programmes
• Audit
• Adaptation of information systems and/or technologies
• Implementation of privacy impact assessment prior to
  implementing new systems or technologies
• Adoption of codes of practice
• Implementation of a response plan

The Madrid Resolution has received support from
Oracle, Walt Disney, Accenture, Microsoft, Google,
Intel, Procter & Gamble, General Electric, IBM and
Hewlett Packard

National Approaches




         Comprehensive Legislation
         Legislation + Self-Regulatory
         Self–Regulatory
         Doing Nothing




Comprehensive Legislation




   All EU countries, including the 10 new
    member states (Cyprus, Czech Republic,
    Estonia, Hungary, Latvia, Lithuania, Malta,
    Poland, Slovakia and Slovenia)
   Japan, Korea, New Zealand, Australia, Hong
    Kong, Macao, Taiwan, Philippines
   Chile, Argentina, Brazil, Mexico
   In Middle East, only Israel




Legislation + Self-Regulatory
    USA – Privacy Act 1974 + 12 federal
      sectoral based legislation + State Laws
      + Safe Harbour

Self-Regulatory
    Singapore - Does not work – To have a
      data protection law by 2012




Doing Nothing so far



       Brunei
       Vietnam
       Laos
       Cambodia
       Many more




Our Part of the World: What’s Happening?

•   Macao enacted her Personal Data Protection Act in 2006

•   China has come out with several drafts of the law, the latest in 2007

•   India amended her Information Technology Act in December 2008. Some new provisions were added
    to protect privacy and personal data. In April 2011, the third draft of the Privacy Bill was issued.

•   Indonesia came out with an academic draft in 2009

•   Thailand developed a draft Bill in 2010

•   Taiwan amended her old law and passed a more comprehensive Personal Data Protection Act in
    April 2010

•   Malaysia passed the Personal Data Protection Act in June 2010

•   Korea came out with a more comprehensive law in March 2011

•   The Philippines Congress has come out with the draft Act

•   Australia and Hong Kong are reviewing their Privacy Act and Privacy Ordinance respectively

•   Singapore is currently developing a law, which is expected to be ready by 2012. On 13 Sept 2011, a
    Consultation Paper was released

•   In April 2011, the EU Working Party decided that the New Zealand Privacy Act is adequate

Korea: Data Protection Act 2011
• Data Protection Principles
• Rights of Data Subjects
• Organization to designate someone to take charge
• Special entity to enforce the Act (Data Protection Commission/DPC)
• Mandatory reporting of significant breach to DPC
• Data breach notification (to the Data Subject)
• Mediation to resolve dispute
• Differentiate personal data & sensitive data
• PIAs are encouraged

Malaysia: Personal Data Protection Act 2010
• Data Protection Principles
• Rights of Data Subjects
• Special entity to enforce the Act (Data Protection Commissioner)
• No mandatory data breach notification
• Differentiate personal data & sensitive data
• Does not apply to Federal and State Governments

Taiwan: Personal Data Protection Act 2010
• Data Protection Principles
• Rights of Data Subjects
• Mandatory data breach notification (to the Data Subject)
• Enforcement by Ministries responsible for each industry sector

Malaysian PDPA: An Overview

Non-Application:
• Federal & States Govts
• Non-Commercial Transactions
• Personal, Family, Household Affairs
• Data Processed Outside Malaysia
• Credit Reference Agencies

DATA PROTECTION PRINCIPLES

• General Principle
• Notice and Choice Principle
• Disclosure Principle
• Security Principle
• Retention Principle
• Data Integrity Principle
• Access Principle

Exemptions

Partial:
• Crime Prevention/Detection
• Offenders Apprehension/Prosecution
• Tax/Duty Assessment/Collection
• Physical/Mental Health
• Statistics/Research
• Court Order/Judgment
• Regulatory Functions
• Journalistic/Literary/Artistic

Total:
• Personal
• Family
• Household
• Recreational

RIGHTS OF DATA SUBJECTS

• Right to be Informed
• Right to Access
• Right to Correct
• Right to Withdraw Consent
• Right to Prevent Processing Likely to Cause Distress
• Right to Prevent Processing for Direct Marketing Purposes

No.  Section            Offence                                                     Penalty
1    S. 16(4)           Processing without a certificate of registration            Fine < RM500,000.00 / Imprisonment < 3 years / Both
2    S. 18(5)           Processing after registration is revoked                    Fine < RM500,000.00 / Imprisonment < 3 years / Both
3    S. 5               Contravening Data Protection Principles                     Fine < RM500,000.00 / Imprisonment < 2 years / Both
4    S. 29              Non-Compliance with Code of Practice                        Fine < RM100,000.00 / Imprisonment < 1 year / Both
5    S. 37(4)           Failure to Inform the Refusal to Comply with the Data       Fine < RM100,000.00 / Imprisonment < 1 year / Both
                        Correction Request
6    S. 38(4)           Processing after consent has been withdrawn                 Fine < RM100,000.00 / Imprisonment < 1 year / Both
7    S. 40(3)           Processing of Sensitive Data                                Fine < RM200,000.00 / Imprisonment < 2 years / Both
8    S. 42(6)           Failure to Comply with the Commissioner’s Requirement       Fine < RM200,000.00 / Imprisonment < 2 years / Both
                        (Processing likely to cause damage or distress)
9    S. 43(4)           Failure to Comply with the Commissioner’s Requirement       Fine < RM200,000.00 / Imprisonment < 2 years / Both
                        (Direct Marketing)
10   S. 129(5)          Transfer of Data to Places Outside Malaysia without any     Fine < RM300,000.00 / Imprisonment < 2 years / Both
                        law or adequate protection
11   S. 130(3)          Collecting, disclosing or procuring the disclosure of data  Fine < RM500,000.00 / Imprisonment < 3 years / Both
                        without consent of Data User
12   S. 130(4) and (5)  Selling or offering to sell                                 Fine < RM500,000.00 / Imprisonment < 3 years / Both
13   S. 131(1) and (2)  Abetment and Attempt to commit any of the offences          Half of the maximum term provided for that offence

Enforcement Mechanisms


       Data Protection Commissioner
       Advisory Committee
       Appeal Tribunal
       Codes of Practice
       Enforcement Notice
       Prosecution
       Revocation of Registration



May I recommend you to read this!

My other books on ICT Law

• Cyber Law: Policies and Challenges, Butterworths Asia (1999)
• Privacy and Data Protection, Sweet & Maxwell (2002)
• Internet Banking: Law and Practice, LexisNexis UK (2004)
• Information & Communication Technology Law: Legal & Regulatory Challenges, Thomson Reuters (2010) (In Print)

abmunir@um.edu.my
http://profabm.blogspot.com
       +60122185242




     #IISF2011                40

Contenu connexe

Tendances

Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy IntroductionG Prachi
 
Chapter 11 laws and ethic information security
Chapter 11   laws and ethic information securityChapter 11   laws and ethic information security
Chapter 11 laws and ethic information securitySyaiful Ahdan
 
Itechlaw conferene presentation 15th feb 2013 the quest over identity the iss...
Itechlaw conferene presentation 15th feb 2013 the quest over identity the iss...Itechlaw conferene presentation 15th feb 2013 the quest over identity the iss...
Itechlaw conferene presentation 15th feb 2013 the quest over identity the iss...Prof. (Dr.) Tabrez Ahmad
 
Data Security - English
Data Security - EnglishData Security - English
Data Security - EnglishData Security
 
India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law Priyanka Aash
 
Developing E-Government in Myanmar: What are the Building Blocks of Building ...
Developing E-Government in Myanmar: What are the Building Blocks of Building ...Developing E-Government in Myanmar: What are the Building Blocks of Building ...
Developing E-Government in Myanmar: What are the Building Blocks of Building ...Ethical Sector
 
“Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation “Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation tomasztopa
 
Data Protection in India
Data Protection in IndiaData Protection in India
Data Protection in IndiaHome
 
Legal, ethical & professional issues
Legal, ethical & professional issuesLegal, ethical & professional issues
Legal, ethical & professional issuesDhani Ahmad
 
[MU630] 005. Ethics, Privacy and Security
[MU630] 005. Ethics, Privacy and Security[MU630] 005. Ethics, Privacy and Security
[MU630] 005. Ethics, Privacy and SecurityAriantoMuditomo
 
02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Securitysappingtonkr
 
Privacy and personal information
Privacy and personal informationPrivacy and personal information
Privacy and personal informationUc Man
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information PrivacyPerry Slack
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data SecurityWilmerHale
 
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_finalData Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_finalDr. Donald Macfarlane
 
Regulatory Compliance under the Information Technology Act, 2000
Regulatory Compliance under the Information Technology Act, 2000Regulatory Compliance under the Information Technology Act, 2000
Regulatory Compliance under the Information Technology Act, 2000n|u - The Open Security Community
 

Tendances (20)

Final projet
Final  projetFinal  projet
Final projet
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy Introduction
 
Privacy & Data Protection in the Digital World
Privacy & Data Protection in the Digital WorldPrivacy & Data Protection in the Digital World
Privacy & Data Protection in the Digital World
 
Chapter 11 laws and ethic information security
Chapter 11   laws and ethic information securityChapter 11   laws and ethic information security
Chapter 11 laws and ethic information security
 
Itechlaw conferene presentation 15th feb 2013 the quest over identity the iss...
Itechlaw conferene presentation 15th feb 2013 the quest over identity the iss...Itechlaw conferene presentation 15th feb 2013 the quest over identity the iss...
Itechlaw conferene presentation 15th feb 2013 the quest over identity the iss...
 
Data Security - English
Data Security - EnglishData Security - English
Data Security - English
 
India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law
 
Developing E-Government in Myanmar: What are the Building Blocks of Building ...
Developing E-Government in Myanmar: What are the Building Blocks of Building ...Developing E-Government in Myanmar: What are the Building Blocks of Building ...
Developing E-Government in Myanmar: What are the Building Blocks of Building ...
 
“Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation “Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation
 
Data Protection in India
Data Protection in IndiaData Protection in India
Data Protection in India
 
Legal, ethical & professional issues
Legal, ethical & professional issuesLegal, ethical & professional issues
Legal, ethical & professional issues
 
[MU630] 005. Ethics, Privacy and Security
[MU630] 005. Ethics, Privacy and Security[MU630] 005. Ethics, Privacy and Security
[MU630] 005. Ethics, Privacy and Security
 
Data Privacy
Data PrivacyData Privacy
Data Privacy
 
02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security
 
Privacy and personal information
Privacy and personal informationPrivacy and personal information
Privacy and personal information
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information Privacy
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data Security
 
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_finalData Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
 
IoT PPT Deck
IoT PPT DeckIoT PPT Deck
IoT PPT Deck
 
Regulatory Compliance under the Information Technology Act, 2000
Regulatory Compliance under the Information Technology Act, 2000Regulatory Compliance under the Information Technology Act, 2000
Regulatory Compliance under the Information Technology Act, 2000
 

En vedette

Personal Data Protection in Malaysia
Personal Data Protection in MalaysiaPersonal Data Protection in Malaysia
Personal Data Protection in Malaysiakhenghoe
 

En vedette (20)

Personal Data Protection in Malaysia
Personal Data Protection in MalaysiaPersonal Data Protection in Malaysia
Personal Data Protection in Malaysia
 
DR. Taufik Hasan - Aplikasi Pendukung Interoperabilitas Dokumen untuk Indonesia
DR. Taufik Hasan - Aplikasi Pendukung Interoperabilitas Dokumen untuk IndonesiaDR. Taufik Hasan - Aplikasi Pendukung Interoperabilitas Dokumen untuk Indonesia
DR. Taufik Hasan - Aplikasi Pendukung Interoperabilitas Dokumen untuk Indonesia
 
Protecting Data Privacy
Protecting Data PrivacyProtecting Data Privacy
Protecting Data Privacy
 
Security Development Life Cycle
Security Development Life CycleSecurity Development Life Cycle
Security Development Life Cycle
 
Skema Akreditasi-Sertifikasi ISO 27001 Komite Akreditasi Nasional
Skema Akreditasi-Sertifikasi ISO 27001 Komite Akreditasi NasionalSkema Akreditasi-Sertifikasi ISO 27001 Komite Akreditasi Nasional
Skema Akreditasi-Sertifikasi ISO 27001 Komite Akreditasi Nasional
 
Rusmanto - Pengantar PDF dan Aplikasi Open Source terkait PDF
Rusmanto - Pengantar PDF dan Aplikasi Open Source terkait PDFRusmanto - Pengantar PDF dan Aplikasi Open Source terkait PDF
Rusmanto - Pengantar PDF dan Aplikasi Open Source terkait PDF
 
20111214 iisf shinoda_
20111214 iisf shinoda_20111214 iisf shinoda_
20111214 iisf shinoda_
 
Global informationsecurityissue_ZainalHasibuan
Global informationsecurityissue_ZainalHasibuanGlobal informationsecurityissue_ZainalHasibuan
Global informationsecurityissue_ZainalHasibuan
 
Information Security Governance
Information Security GovernanceInformation Security Governance
Information Security Governance
 
Developing a Legal Framework for Privacy
Developing a Legal Framework for PrivacyDeveloping a Legal Framework for Privacy
Developing a Legal Framework for Privacy
 
Personal security
Personal securityPersonal security
Personal security
 
04. SAKTTI Introduction
04. SAKTTI Introduction04. SAKTTI Introduction
04. SAKTTI Introduction
 
Sovereignty in Cyberspace
Sovereignty in CyberspaceSovereignty in Cyberspace
Sovereignty in Cyberspace
 
Tasdik Kinanto - Interoperabilitas Dokumen Perkantoran dalam e-Government
Tasdik Kinanto - Interoperabilitas Dokumen Perkantoran dalam e-GovernmentTasdik Kinanto - Interoperabilitas Dokumen Perkantoran dalam e-Government
Tasdik Kinanto - Interoperabilitas Dokumen Perkantoran dalam e-Government
 
02. R U Sure U R Secure
02. R U Sure U R Secure02. R U Sure U R Secure
02. R U Sure U R Secure
 
Budaya keamanan informasi dari perspektif psikologi ia-14 mar2012
Budaya keamanan informasi dari perspektif psikologi ia-14 mar2012Budaya keamanan informasi dari perspektif psikologi ia-14 mar2012
Budaya keamanan informasi dari perspektif psikologi ia-14 mar2012
 
Telkom sigma keminfo materi
Telkom sigma keminfo materiTelkom sigma keminfo materi
Telkom sigma keminfo materi
 
Chuan weihoo_IISF2011
Chuan weihoo_IISF2011Chuan weihoo_IISF2011
Chuan weihoo_IISF2011
 
Summary report cc brti
Summary report cc brtiSummary report cc brti
Summary report cc brti
 
Penanganan Kasus Cybercrime
Penanganan Kasus CybercrimePenanganan Kasus Cybercrime
Penanganan Kasus Cybercrime
 

Similaire à Abubakar munir iisf2011

Compliance audit under the Information Technology Act, 2000
Compliance audit under the Information Technology Act, 2000Compliance audit under the Information Technology Act, 2000
Compliance audit under the Information Technology Act, 2000Sagar Rahurkar
 
DATA-PRIVACY-ACT.pptx
Abubakar munir iisf2011

  • 1. DATA PROTECTION LAW IS COMING TO ASIA Professor Abu Bakar Munir Faculty of Law, University of Malaya Adviser to the Malaysian Government (2007-2010) INDONESIA INFORMATION SECURITY FORUM 2011 14 December 2011 Bandung, Indonesia #IISF2011 1
  • 2. THE WORLD’S GREATEST NEWSPAPER 1843-2011 #IISF2011 2
  • 4. Concept of Privacy Definition Privacy is our right to keep a domain around us, which includes all those things that are part of us, such as our body, home, thoughts, feelings, secrets and identity. The right to privacy gives us the ability to choose which parts in this domain can be accessed by others, and to control the extent, manner and timing of the use of those parts we choose to disclose. #IISF2011 4
  • 5. Types of Privacy  The right to be left alone  Bodily privacy  Privacy of communications  Territorial privacy  Informational privacy #IISF2011 5
  • 6. Privacy as Human Rights Article 12 Universal Declaration on Human Rights 1948 No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks. Some Other Instruments  Article 17, International Covenant on Civil and Political Rights 1966  Article 16, Conventions on the Rights of the Child 1989  Article 8, Convention for the Protection of Human Rights and Fundamental Freedoms 1950  Article 18, OIC Cairo Declaration on Human Rights in Islam 1990  Article 4.3, Declaration of Principles on Freedom of Expression in Africa 2002  Article 5, American Declaration of the Rights and Duties of Man #IISF2011 6
  • 7. Informational Privacy The rights of an individual to have control over his personal information Informational Privacy = Personal Data Protection #IISF2011 7
  • 8. Why do countries protect personal data? • International obligation • Competitiveness • Human right • International influence #IISF2011 8
  • 9. Why Protect Personal Data? What Customers Say… • Nearly 90% of online consumers want the right to control how their personal information is used after it is collected (Forrester Research 2003) • 87% of Americans are concerned about the security of their information on the Internet (Zogby International 2010) • 61% of adult Americans said that they were extremely concerned about the privacy of their personal information when buying online (University of Southern California 2007) #IISF2011 9
  • 10. Cont… • Our research shows that 80% of our customers would walk away if we mishandled their information (Royal Bank of Canada 2003) • Concerns about the use of personal information led 64% of respondents to decide not to purchase from a company (Privacy and American 2005) • 67% of respondents decided not to register at a website or shop online because they found the privacy policy to be too complicated or unclear (Privacy and American 2005) #IISF2011 10
  • 11. Malaysian Consumers Say…..  75.3% respondents say that they were “somehow concerned” and “very concerned” with their personal privacy even when not online  94.2 % respondents felt that their personal privacy might be threatened when using the Internet  50.8 % of non Internet Banking customers have not migrated to the online services mainly due to security, trust and privacy concerns (Muniruddeen Lallmahamood 2007/2008) #IISF2011 11
  • 12. Therefore… • Trust and risk are major determinants of purchasing and of intention to purchase • Trust is difficult to gain but easy to lose • Consumers are concerned about their privacy • Consumers are very concerned about privacy when transacting online #IISF2011 12
  • 13. GOOD PRIVACY, GOOD BUSINESS “Privacy is good for business” Harriet Pearson IBM Chief Privacy Officer #IISF2011 13
  • 14. How? Potential Risks • Breaches of data protection law • Damage to the organization’s reputation and brand • Physical, psychological and economic harm to customers • Financial losses associated with deterioration in quality and integrity of personal data due to customers’ distrust • Loss of market share or a drop in stock prices due to negative publicity / failure or delay in the implementation of a new product / service due to privacy concerns #IISF2011 14
  • 15. Benefits • More positive organizational image and significant edge over the competition • Business development via expansion into jurisdictions requiring clear privacy standards • Enhanced data quality and integrity • Fostering better customer service and more strategic business decision making • Enhanced customer trust and loyalty #IISF2011 15
  • 16. #IISF2011 16
  • 17. #IISF2011 17
  • 18. International Instruments  OECD Guidelines 1980  Council of Europe Convention 1981  European Directive 1995  APEC Privacy Framework 2004  Madrid Resolution 2009 #IISF2011 18
  • 19. OECD Guidelines 1980 (8 Principles)  Collection limitation  Data Quality  Purpose Specification  Use Limitation  Security  Openness  Individual Participation  Accountability #IISF2011 19
  • 20. Council of Europe Convention 1981 Personal Data shall be:  obtained fairly and lawfully  stored for specified and legitimate purposes and not used in a way incompatible with those purposes  adequate, relevant and not excessive  accurate and, where necessary kept up to date  preserved in a form which permits identification of the data subjects for no longer than is required for the purpose for which those data are stored #IISF2011 20
  • 21. European Directive 1995 Personal data must be;  Processed fairly and lawfully  Collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes  adequate, relevant and not excessive  accurate and, where necessary kept up to date #IISF2011 21
  • 22. APEC Privacy Framework 2004 (9 Principles)  Preventing harm  Notice  Collection Limitation  Uses of personal information  Choice  Integrity  Security safeguards  Access and correction  accountability #IISF2011 22
  • 23. Madrid Resolution 2009 (6 Principles)  Lawfulness and fairness  Purpose specification  Proportionality  Data quality  Openness  Accountability #IISF2011 23
  • 24. Innovative ideas on proactive measures to protect personal data:  Procedures to prevent and detect breaches  Appointment of data protection or privacy officers  Training, education and awareness programmes  Audit  Adaptation of information systems and /or technologies  Implementation of privacy impact assessment prior to implementing new systems or technologies  Adoption of codes of practice  Implementation of a response plan The Madrid Resolution has received support from Oracle, Walt Disney, Accenture, Microsoft, Google, Intel, Procter & Gamble, General Electric, IBM and Hewlett Packard #IISF2011 24
  • 25. National Approaches  Comprehensive Legislation  Legislation + Self-Regulatory  Self–Regulatory  Doing Nothing #IISF2011 25
  • 26. Comprehensive Legislation  All EU countries, including the 10 new member states (Cyprus, Czech Republic, Estonia, Hungary, Latvia, Lithuania, Malta, Poland, Slovakia and Slovenia)  Japan, Korea, New Zealand, Australia, Hong Kong, Macao, Taiwan, Philippines  Chile, Argentina, Brazil, Mexico  In Middle East, only Israel #IISF2011 26
  • 27. Legislation + Self-Regulatory  USA – Privacy Act 1974 + 12 federal sectoral based legislation + State Laws + Safe Harbour Self-Regulatory  Singapore - Does not work – To have a data protection law by 2012 #IISF2011 27
  • 28. Doing Nothing so far  Brunei  Vietnam  Laos  Cambodia  Many more #IISF2011 28
  • 29. #IISF2011 29
  • 30. Our Part of the World: What’s Happening? • Macao enacted her Personal Data Protection Act in 2006 • China has come out with several drafts of the law, the latest in 2007 • India amended her Information Technology Act in December 2008. Some new provisions were added to protect privacy and personal data. In April 2011, the third draft of the Privacy Bill was issued. • Indonesia came out with an academic draft in 2009 • Thailand developed a draft Bill in 2010 • Taiwan amended her old law and passed a more comprehensive Personal Data Protection Act in April 2010 • Malaysia passed the Personal Data Protection Act in June 2010 • Korea came out with a more comprehensive law in March 2011 • The Philippines Congress has come out with the draft Act • Australia and Hong Kong are reviewing their Privacy Act and Privacy Ordinance respectively • Singapore is currently developing a law, which is expected to be ready by 2012. On 13 Sept 2011, a Consultation Paper was released • In April 2011, the EU Working Party decided that the New Zealand Privacy Act is adequate #IISF2011 30
  • 31. Korea, Malaysia, Taiwan
      Korea (Data Protection Act 2011): • Data Protection Principles • Rights of Data Subjects • Organization to designate someone to take charge • Special entity to enforce the Act (Data Protection Commission/DPC) • Mandatory reporting of significant breach to DPC • Data breach notification (to the Data Subject) • Mediation to resolve dispute • Differentiate personal data & sensitive data • PIAs are encouraged
      Malaysia (Personal Data Protection Act 2010): • Data Protection Principles • Rights of Data Subjects • Special entity to enforce the Act (Data Protection Commissioner) • No mandatory data breach notification • Differentiate personal data & sensitive data • Does not apply to Federal and States Governments
      Taiwan (Personal Data Protection Act 2010): • Data Protection Principles • Rights of Data Subjects • Mandatory data Breach Notification (to the Data Subject) • Enforcement by Ministries responsible for each industry sector
      #IISF2011 31
  • 32. Malaysian PDPA: An Overview. Non-Application: • Federal & States Govts • Credit Reference Agencies • Non-Commercial Transactions • Data Processed Outside Malaysia • Personal, Family, Household Affairs #IISF2011 32
  • 33. DATA PROTECTION PRINCIPLES • General Principle • Notice and Choice Principle • Access Principle • Disclosure Principle • Data Integrity Principle • Retention Principle • Security Principle #IISF2011 33
  • 34. Exemptions
      Partial: • Crime Prevention/Detection • Offenders Apprehension/Prosecution • Tax/Duty Assessment/Collection • Physical/Mental Health • Statistics/Research • Court Order/Judgment • Regulatory Functions • Journalistic/Literary/Artistic
      Total: • Personal • Family • Household • Recreational
      #IISF2011 34
  • 35. RIGHTS OF DATA SUBJECTS • Right to be Informed • Right to Access • Right to Correct • Right to Withdraw Consent • Right to Prevent Processing Likely to Cause Distress • Right to Prevent Processing for Direct Marketing Purposes #IISF2011 35
  • 36. Offences and penalties
      | No. | Section | Offences | Penalty |
      |-----|---------|----------|---------|
      | 1 | S. 16(4) | Processing without a certificate of registration | Fine <RM500,000.00 / Imprisonment < 3 years / Both |
      | 2 | S. 18(5) | Processing after registration is revoked | Fine <RM500,000.00 / Imprisonment < 3 years / Both |
      | 3 | S. 5 | Contravening Data Protection Principles | Fine <RM500,000.00 / Imprisonment < 2 years / Both |
      | 4 | S. 29 | Non-Compliance with Code of Practice | Fine <RM100,000.00 / Imprisonment < 1 year / Both |
      | 5 | S. 37(4) | Failure to Inform the Refusal to Comply with the Data Correction Request | Fine <RM100,000.00 / Imprisonment < 1 year / Both |
      | 6 | S. 38(4) | Processing after consent been withdrawn | Fine <RM100,000.00 / Imprisonment < 1 year / Both |
      | 7 | S. 40(3) | Processing of Sensitive Data | Fine <RM200,000.00 / Imprisonment < 2 years / Both |
      | 8 | S. 42(6) | Failure to Comply with the Commissioner’s Requirement (Processing likely to cause damage or distress) | Fine <RM200,000.00 / Imprisonment < 2 years / Both |
      | 9 | S. 43(4) | Failure to Comply with the Commissioner’s Requirement (Direct Marketing) | Fine <RM200,000.00 / Imprisonment < 2 years / Both |
      | 10 | S. 129(5) | Transfer of Data to Places Outside Malaysia without any law or adequate protection | Fine <RM300,000.00 / Imprisonment < 2 years / Both |
      | 11 | S. 130(3) | Collects, disclose or procure to disclose data without consent of Data User | Fine <RM500,000.00 / Imprisonment < 3 years / Both |
      | 12 | S. 130(4) and (5) | Selling or offer to sell | Fine <RM500,000.00 / Imprisonment < 3 years / Both |
      | 13 | S. 131(1) and (2) | Abetment and Attempt to commit any of the offences | Half of the maximum term provided for that offence |
      #IISF2011 36
  • 37. Enforcement Mechanisms  Data Protection Commissioner  Advisory Committee  Appeal Tribunal  Codes of Practice  Enforcement Notice  Prosecution  Revocation of Registration #IISF2011 37
  • 38. May I recommend you to read this! #IISF2011 38
  • 39. My other books on ICT Law (In Print) • Cyber Law: Policies and Challenges, Butterworths Asia (1999) • Privacy and Data Protection, Sweet & Maxwell (2002) • Internet Banking: Law and Practice, LexisNexis UK (2004) • Information & Communication Technology Law: Legal & Regulatory Challenges, Thomson Reuters (2010) #IISF2011 39